package ca.tecreations.apps.security.pkitool.gui;

import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.HexFormat;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:ca/tecreations/apps/security/pkitool/gui/GetSelfSigned.class */
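/**
 * Command-line helper that generates an RSA key pair, wraps the public key in a
 * self-signed X.509 v3 certificate and writes two files to the working directory:
 * the DER-encoded certificate ({@code .cer}) and a PKCS#12 keystore ({@code .p12})
 * holding the private key together with that certificate.
 *
 * <p>Every input (subject, validity, keystore password, alias) is a hard-coded
 * placeholder, so the output is suitable for experiments only.
 */
public class GetSelfSigned {
    /** Bouncy Castle provider used for key generation and certificate conversion. */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();

    /** Randomness source for the key pair and the certificate serial number. */
    private static final SecureRandom PRNG = new SecureRandom();

    /**
     * Certificate validity window.
     *
     * <p>Declared private: the decompiler notes that it widened the access modifier
     * from private, and nothing outside this class can obtain an instance anyway.
     *
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period
     */
    private record Validity(Date notBefore, Date notAfter) {

        /** Returns a window starting now (system default zone) and ending {@code years} years later. */
        private static Validity ofYears(int years) {
            ZonedDateTime now = ZonedDateTime.now();
            return of(now.toInstant(), now.plusYears(years).toInstant());
        }

        /** Converts the two instants to the {@link Date} values the certificate builder takes. */
        private static Validity of(Instant notBefore, Instant notAfter) {
            return new Validity(Date.from(notBefore), Date.from(notAfter));
        }
    }

    /**
     * Generates the key pair, certificate and keystore and writes them to
     * {@code self.signed.x509_<hex timestamp>.cer} and {@code .p12}.
     *
     * @param args ignored
     * @throws Exception if key generation, certificate building or file output fails
     */
    public static void main(String[] args) throws Exception {
        // Position 1 makes Bouncy Castle the most-preferred provider for the whole JVM,
        // not only for the calls made in this class.
        Security.insertProviderAt(BC_PROVIDER, 1);
        KeyPair keyPair = getKeyPair("RSA", 4096);

        // NOTE(review): a 100-year validity means the certificate never expires in practice;
        // with no revocation path for a self-signed certificate, a leaked key stays usable
        // until every relying party removes the certificate by hand.
        X509Certificate selfSignedCert =
                getSelfSignedCert(keyPair, getSubject(), Validity.ofYears(100), "SHA256WithRSA");

        // NOTE(review): hard-coded keystore password. It is the only protection on the
        // private key inside the .p12 file and is readable from the class file itself;
        // take it from the operator (console prompt or secret store) before real use.
        char[] password = "password".toCharArray();
        KeyStore keyStore = getKeyStore("PKCS12", keyPair, password, "alias", selfSignedCert);

        String baseName = "self.signed.x509_" + HexFormat.of().toHexDigits(System.currentTimeMillis());
        Files.write(Path.of(baseName + ".cer"), selfSignedCert.getEncoded());

        // NOTE(review): the .p12 is created with the process's default file permissions;
        // restrict them if the working directory is shared.
        // try-with-resources: the stream was previously never closed.
        try (FileOutputStream out = new FileOutputStream(baseName + ".p12")) {
            keyStore.store(out, password);
        }
    }

    /**
     * Builds an in-memory keystore containing one private-key entry.
     *
     * @param type keystore type, e.g. {@code "PKCS12"}
     * @param keyPair key pair whose private key is stored
     * @param password used both to initialise the store and to protect the key entry
     * @param alias alias of the key entry
     * @param certificate certificate stored as the (single-element) chain of the entry
     * @return the populated keystore; it has not been written anywhere yet
     * @throws Exception if the keystore type is unavailable or the entry cannot be set
     */
    private static KeyStore getKeyStore(
            String type, KeyPair keyPair, char[] password, String alias, X509Certificate certificate)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        // A null stream creates an empty keystore instead of loading an existing one.
        keyStore.load(null, password);
        keyStore.setKeyEntry(alias, keyPair.getPrivate(), password, new X509Certificate[] {certificate});
        return keyStore;
    }

    /**
     * Generates a key pair with the Bouncy Castle provider.
     *
     * @param algorithm key algorithm name, e.g. {@code "RSA"}
     * @param keySize key size in bits
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if the provider does not supply the algorithm
     */
    private static KeyPair getKeyPair(String algorithm, int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, BC_PROVIDER);
        generator.initialize(keySize, PRNG);
        return generator.generateKeyPair();
    }

    /**
     * Returns the placeholder distinguished name used as both subject and issuer.
     *
     * <p>All six attributes are placed in ONE multi-valued RDN rather than in six
     * single-valued RDNs, so tools may display or match the name differently from a
     * conventionally built DN.
     * NOTE(review): the values are sample text; {@code "uk"} is not the ISO 3166 code
     * for the United Kingdom ({@code GB}) — replace all of them before real use.
     */
    private static X500Name getSubject() {
        AttributeTypeAndValue[] attributes = {
            new AttributeTypeAndValue(BCStyle.CN, new DERUTF8String("Common Name")),
            new AttributeTypeAndValue(BCStyle.OU, new DERUTF8String("Organisational Unit name")),
            new AttributeTypeAndValue(BCStyle.O, new DERUTF8String("Organisation")),
            new AttributeTypeAndValue(BCStyle.L, new DERUTF8String("Locality name")),
            new AttributeTypeAndValue(BCStyle.ST, new DERUTF8String("State or Province name")),
            new AttributeTypeAndValue(BCStyle.C, new DERUTF8String("uk"))
        };
        return new X500Name(new RDN[] {new RDN(attributes)});
    }

    /**
     * Builds and signs an X.509 v3 certificate whose issuer equals its subject.
     *
     * @param keyPair public key goes into the certificate; private key signs it
     * @param subject name used for both the subject and the issuer field
     * @param validity notBefore / notAfter dates
     * @param signatureAlgorithm signature algorithm name, e.g. {@code "SHA256WithRSA"}
     * @return the signed certificate
     * @throws Exception if encoding, extension creation or signing fails
     */
    private static X509Certificate getSelfSignedCert(
            KeyPair keyPair, X500Name subject, Validity validity, String signatureAlgorithm)
            throws Exception {
        // Random non-negative serial of up to 64 bits.
        BigInteger serial = new BigInteger(64, PRNG);
        byte[] encodedPublicKey = keyPair.getPublic().getEncoded();
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(encodedPublicKey);

        // try-with-resources restores the structure the decompiler flattened and closes
        // both streams on every path, including when building or signing throws.
        try (ByteArrayInputStream bytes = new ByteArrayInputStream(encodedPublicKey);
                ASN1InputStream asn1 = new ASN1InputStream(bytes)) {
            SubjectKeyIdentifier subjectKeyId =
                    new BcX509ExtensionUtils()
                            .createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(asn1.readObject()));

            X509v3CertificateBuilder builder =
                    new X509v3CertificateBuilder(
                            subject, serial, validity.notBefore(), validity.notAfter(), subject, publicKeyInfo);

            // NOTE(review): BasicConstraints(true), marked critical, declares this certificate
            // a CA. Anyone who trusts it also trusts every certificate its key signs; issue a
            // non-CA certificate if it is only meant to identify one endpoint.
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            builder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);

            return new JcaX509CertificateConverter()
                    .setProvider(BC_PROVIDER)
                    .getCertificate(
                            builder.build(
                                    new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate())));
        }
    }
}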
